1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2019 Isilon Systems, LLC. 5 * Copyright (c) 2005-2014 Sandvine Incorporated. All rights reserved. 6 * Copyright (c) 2000 Darrell Anderson 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 #include "opt_inet.h" 33 34 #include <sys/param.h> 35 #include <sys/systm.h> 36 #include <sys/errno.h> 37 #include <sys/socket.h> 38 #include <sys/sysctl.h> 39 40 #include <net/ethernet.h> 41 #include <net/if.h> 42 #include <net/if_arp.h> 43 #include <net/if_dl.h> 44 #include <net/if_types.h> 45 #include <net/if_var.h> 46 #include <net/if_private.h> 47 48 #include <netinet/in.h> 49 #include <netinet/in_systm.h> 50 #include <netinet/in_var.h> 51 #include <netinet/ip.h> 52 #include <netinet/ip_var.h> 53 #include <netinet/ip_options.h> 54 #include <netinet/udp.h> 55 56 #include <machine/in_cksum.h> 57 #include <machine/pcb.h> 58 59 #include <net/debugnet.h> 60 #define DEBUGNET_INTERNAL 61 #include <net/debugnet_int.h> 62 63 int debugnet_arp_nretries = 3; 64 SYSCTL_INT(_net_debugnet, OID_AUTO, arp_nretries, CTLFLAG_RWTUN, 65 &debugnet_arp_nretries, 0, 66 "Number of ARP attempts before giving up"); 67 68 /* 69 * Handler for IP packets: checks their sanity and then processes any debugnet 70 * ACK packets it finds. 71 * 72 * It needs to partially replicate the behaviour of ip_input() and udp_input(). 73 * 74 * Parameters: 75 * pcb a pointer to the live debugnet PCB 76 * mb a pointer to an mbuf * containing the packet received 77 * Updates *mb if m_pullup et al change the pointer 78 * Assumes the calling function will take care of freeing the mbuf 79 */ 80 void 81 debugnet_handle_ip(struct debugnet_pcb *pcb, struct mbuf **mb) 82 { 83 struct ip *ip; 84 struct mbuf *m; 85 unsigned short hlen; 86 87 if (pcb->dp_state < DN_STATE_HAVE_GW_MAC) 88 return; 89 90 /* IP processing. */ 91 m = *mb; 92 if (m->m_pkthdr.len < sizeof(struct ip)) { 93 DNETDEBUG("dropping packet too small for IP header\n"); 94 return; 95 } 96 if (m->m_len < sizeof(struct ip)) { 97 m = m_pullup(m, sizeof(struct ip)); 98 *mb = m; 99 if (m == NULL) { 100 DNETDEBUG("m_pullup failed\n"); 101 return; 102 } 103 } 104 ip = mtod(m, struct ip *); 105 106 /* IP version. */ 107 if (ip->ip_v != IPVERSION) { 108 DNETDEBUG("bad IP version %d\n", ip->ip_v); 109 return; 110 } 111 112 /* Header length. */ 113 hlen = ip->ip_hl << 2; 114 if (hlen < sizeof(struct ip)) { 115 DNETDEBUG("bad IP header length (%hu)\n", hlen); 116 return; 117 } 118 if (hlen > m->m_len) { 119 m = m_pullup(m, hlen); 120 *mb = m; 121 if (m == NULL) { 122 DNETDEBUG("m_pullup failed\n"); 123 return; 124 } 125 ip = mtod(m, struct ip *); 126 } 127 /* Ignore packets with IP options. */ 128 if (hlen > sizeof(struct ip)) { 129 DNETDEBUG("drop packet with IP options\n"); 130 return; 131 } 132 133 #ifdef INVARIANTS 134 if ((IN_LOOPBACK(ntohl(ip->ip_dst.s_addr)) || 135 IN_LOOPBACK(ntohl(ip->ip_src.s_addr))) && 136 (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 137 DNETDEBUG("Bad IP header (RFC1122)\n"); 138 return; 139 } 140 #endif 141 142 /* Checksum. */ 143 if ((m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) != 0) { 144 if ((m->m_pkthdr.csum_flags & CSUM_IP_VALID) == 0) { 145 DNETDEBUG("bad IP checksum\n"); 146 return; 147 } 148 } else { 149 /* XXX */ ; 150 } 151 152 /* Convert fields to host byte order. */ 153 ip->ip_len = ntohs(ip->ip_len); 154 if (ip->ip_len < hlen) { 155 DNETDEBUG("IP packet smaller (%hu) than header (%hu)\n", 156 ip->ip_len, hlen); 157 return; 158 } 159 if (m->m_pkthdr.len < ip->ip_len) { 160 DNETDEBUG("IP packet bigger (%hu) than ethernet packet (%d)\n", 161 ip->ip_len, m->m_pkthdr.len); 162 return; 163 } 164 if (m->m_pkthdr.len > ip->ip_len) { 165 /* Truncate the packet to the IP length. */ 166 if (m->m_len == m->m_pkthdr.len) { 167 m->m_len = ip->ip_len; 168 m->m_pkthdr.len = ip->ip_len; 169 } else 170 m_adj(m, ip->ip_len - m->m_pkthdr.len); 171 } 172 173 ip->ip_off = ntohs(ip->ip_off); 174 175 /* Check that the source is the server's IP. */ 176 if (ip->ip_src.s_addr != pcb->dp_server) { 177 DNETDEBUG("drop packet not from server (from 0x%x)\n", 178 ip->ip_src.s_addr); 179 return; 180 } 181 182 /* Check if the destination IP is ours. */ 183 if (ip->ip_dst.s_addr != pcb->dp_client) { 184 DNETDEBUGV("drop packet not to our IP\n"); 185 return; 186 } 187 188 if (ip->ip_p != IPPROTO_UDP) { 189 DNETDEBUG("drop non-UDP packet\n"); 190 return; 191 } 192 193 /* Do not deal with fragments. */ 194 if ((ip->ip_off & (IP_MF | IP_OFFMASK)) != 0) { 195 DNETDEBUG("drop fragmented packet\n"); 196 return; 197 } 198 199 if ((m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) != 0) { 200 if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID) == 0) { 201 DNETDEBUG("bad UDP checksum\n"); 202 return; 203 } 204 } else { 205 /* XXX */ ; 206 } 207 208 /* UDP custom is to have packet length not include IP header. */ 209 ip->ip_len -= hlen; 210 211 /* Checked above before decoding IP header. */ 212 MPASS(m->m_pkthdr.len >= sizeof(struct ipovly)); 213 214 /* Put the UDP header at start of chain. */ 215 m_adj(m, sizeof(struct ipovly)); 216 debugnet_handle_udp(pcb, mb); 217 } 218 219 /* 220 * Builds and sends a single ARP request to locate the L2 address for a given 221 * INET address. 222 * 223 * Return value: 224 * 0 on success 225 * errno on error 226 */ 227 static int 228 debugnet_send_arp(struct debugnet_pcb *pcb, in_addr_t dst) 229 { 230 struct ether_addr bcast; 231 struct arphdr *ah; 232 struct ifnet *ifp; 233 struct mbuf *m; 234 int pktlen; 235 236 ifp = pcb->dp_ifp; 237 238 /* Fill-up a broadcast address. */ 239 memset(&bcast, 0xFF, ETHER_ADDR_LEN); 240 m = m_gethdr(M_NOWAIT, MT_DATA); 241 if (m == NULL) { 242 printf("%s: Out of mbufs\n", __func__); 243 return (ENOBUFS); 244 } 245 pktlen = arphdr_len2(ETHER_ADDR_LEN, sizeof(struct in_addr)); 246 m->m_len = pktlen; 247 m->m_pkthdr.len = pktlen; 248 MH_ALIGN(m, pktlen); 249 ah = mtod(m, struct arphdr *); 250 ah->ar_hrd = htons(ARPHRD_ETHER); 251 ah->ar_pro = htons(ETHERTYPE_IP); 252 ah->ar_hln = ETHER_ADDR_LEN; 253 ah->ar_pln = sizeof(struct in_addr); 254 ah->ar_op = htons(ARPOP_REQUEST); 255 memcpy(ar_sha(ah), IF_LLADDR(ifp), ETHER_ADDR_LEN); 256 ((struct in_addr *)ar_spa(ah))->s_addr = pcb->dp_client; 257 bzero(ar_tha(ah), ETHER_ADDR_LEN); 258 ((struct in_addr *)ar_tpa(ah))->s_addr = dst; 259 return (debugnet_ether_output(m, ifp, bcast, ETHERTYPE_ARP)); 260 } 261 262 /* 263 * Handler for ARP packets: checks their sanity and then 264 * 1. If the ARP is a request for our IP, respond with our MAC address 265 * 2. If the ARP is a response from our server, record its MAC address 266 * 267 * It needs to replicate partially the behaviour of arpintr() and 268 * in_arpinput(). 269 * 270 * Parameters: 271 * pcb a pointer to the live debugnet PCB 272 * mb a pointer to an mbuf * containing the packet received 273 * Updates *mb if m_pullup et al change the pointer 274 * Assumes the calling function will take care of freeing the mbuf 275 */ 276 void 277 debugnet_handle_arp(struct debugnet_pcb *pcb, struct mbuf **mb) 278 { 279 char buf[INET_ADDRSTRLEN]; 280 struct in_addr isaddr, itaddr; 281 struct ether_addr dst; 282 struct mbuf *m; 283 struct arphdr *ah; 284 struct ifnet *ifp; 285 uint8_t *enaddr; 286 int req_len, op; 287 288 m = *mb; 289 ifp = m->m_pkthdr.rcvif; 290 if (m->m_len < sizeof(struct arphdr)) { 291 m = m_pullup(m, sizeof(struct arphdr)); 292 *mb = m; 293 if (m == NULL) { 294 DNETDEBUG("runt packet: m_pullup failed\n"); 295 return; 296 } 297 } 298 299 ah = mtod(m, struct arphdr *); 300 if (ntohs(ah->ar_hrd) != ARPHRD_ETHER) { 301 DNETDEBUG("unknown hardware address 0x%2D)\n", 302 (unsigned char *)&ah->ar_hrd, ""); 303 return; 304 } 305 if (ntohs(ah->ar_pro) != ETHERTYPE_IP) { 306 DNETDEBUG("drop ARP for unknown protocol %d\n", 307 ntohs(ah->ar_pro)); 308 return; 309 } 310 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 311 if (m->m_len < req_len) { 312 m = m_pullup(m, req_len); 313 *mb = m; 314 if (m == NULL) { 315 DNETDEBUG("runt packet: m_pullup failed\n"); 316 return; 317 } 318 } 319 ah = mtod(m, struct arphdr *); 320 321 op = ntohs(ah->ar_op); 322 memcpy(&isaddr, ar_spa(ah), sizeof(isaddr)); 323 memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr)); 324 enaddr = (uint8_t *)IF_LLADDR(ifp); 325 326 if (memcmp(ar_sha(ah), enaddr, ifp->if_addrlen) == 0) { 327 DNETDEBUG("ignoring ARP from myself\n"); 328 return; 329 } 330 331 if (isaddr.s_addr == pcb->dp_client) { 332 printf("%s: %*D is using my IP address %s!\n", __func__, 333 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 334 inet_ntoa_r(isaddr, buf)); 335 return; 336 } 337 338 if (memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen) == 0) { 339 DNETDEBUG("ignoring ARP from broadcast address\n"); 340 return; 341 } 342 343 if (op == ARPOP_REPLY) { 344 if (isaddr.s_addr != pcb->dp_gateway && 345 isaddr.s_addr != pcb->dp_server) { 346 inet_ntoa_r(isaddr, buf); 347 DNETDEBUG("ignoring ARP reply from %s (not configured" 348 " server or gateway)\n", buf); 349 return; 350 } 351 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) { 352 inet_ntoa_r(isaddr, buf); 353 DNETDEBUG("ignoring server ARP reply from %s (already" 354 " have gateway address)\n", buf); 355 return; 356 } 357 MPASS(pcb->dp_state == DN_STATE_INIT); 358 memcpy(pcb->dp_gw_mac.octet, ar_sha(ah), 359 min(ah->ar_hln, ETHER_ADDR_LEN)); 360 361 DNETDEBUG("got server MAC address %6D\n", 362 pcb->dp_gw_mac.octet, ":"); 363 364 pcb->dp_state = DN_STATE_HAVE_GW_MAC; 365 return; 366 } 367 368 if (op != ARPOP_REQUEST) { 369 DNETDEBUG("ignoring ARP non-request/reply\n"); 370 return; 371 } 372 373 if (itaddr.s_addr != pcb->dp_client) { 374 DNETDEBUG("ignoring ARP not to our IP\n"); 375 return; 376 } 377 378 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 379 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 380 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 381 memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 382 ah->ar_op = htons(ARPOP_REPLY); 383 ah->ar_pro = htons(ETHERTYPE_IP); 384 m->m_flags &= ~(M_BCAST|M_MCAST); 385 m->m_len = arphdr_len(ah); 386 m->m_pkthdr.len = m->m_len; 387 388 memcpy(dst.octet, ar_tha(ah), ETHER_ADDR_LEN); 389 debugnet_ether_output(m, ifp, dst, ETHERTYPE_ARP); 390 *mb = NULL; 391 } 392 393 /* 394 * Sends ARP requests to locate the server and waits for a response. 395 * We first try to ARP the server itself, and fall back to the provided 396 * gateway if the server appears to be off-link. 397 * 398 * Return value: 399 * 0 on success 400 * errno on error 401 */ 402 int 403 debugnet_arp_gw(struct debugnet_pcb *pcb) 404 { 405 in_addr_t dst; 406 int error, polls, retries; 407 408 dst = pcb->dp_server; 409 restart: 410 for (retries = 0; retries < debugnet_arp_nretries; retries++) { 411 error = debugnet_send_arp(pcb, dst); 412 if (error != 0) 413 return (error); 414 for (polls = 0; polls < debugnet_npolls && 415 pcb->dp_state < DN_STATE_HAVE_GW_MAC; polls++) { 416 debugnet_network_poll(pcb); 417 DELAY(500); 418 } 419 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 420 break; 421 printf("(ARP retry)"); 422 } 423 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 424 return (0); 425 if (dst == pcb->dp_server) { 426 printf("\nFailed to ARP server"); 427 if (pcb->dp_gateway != INADDR_ANY) { 428 printf(", trying to reach gateway...\n"); 429 dst = pcb->dp_gateway; 430 goto restart; 431 } else 432 printf(".\n"); 433 } else 434 printf("\nFailed to ARP gateway.\n"); 435 436 return (ETIMEDOUT); 437 } 438 439 /* 440 * Unreliable IPv4 transmission of an mbuf chain to the debugnet server 441 * Note: can't handle fragmentation; fails if the packet is larger than 442 * ifp->if_mtu after adding the UDP/IP headers 443 * 444 * Parameters: 445 * pcb The debugnet context block 446 * m mbuf chain 447 * 448 * Returns: 449 * int see errno.h, 0 for success 450 */ 451 int 452 debugnet_ip_output(struct debugnet_pcb *pcb, struct mbuf *m) 453 { 454 struct udphdr *udp; 455 struct ifnet *ifp; 456 struct ip *ip; 457 458 MPASS(pcb->dp_state >= DN_STATE_HAVE_GW_MAC); 459 460 ifp = pcb->dp_ifp; 461 462 M_PREPEND(m, sizeof(*ip), M_NOWAIT); 463 if (m == NULL) { 464 printf("%s: out of mbufs\n", __func__); 465 return (ENOBUFS); 466 } 467 468 if (m->m_pkthdr.len > ifp->if_mtu) { 469 printf("%s: Packet is too big: %d > MTU %u\n", __func__, 470 m->m_pkthdr.len, ifp->if_mtu); 471 m_freem(m); 472 return (ENOBUFS); 473 } 474 475 ip = mtod(m, void *); 476 udp = (void *)(ip + 1); 477 478 memset(ip, 0, offsetof(struct ip, ip_p)); 479 ip->ip_p = IPPROTO_UDP; 480 ip->ip_sum = udp->uh_ulen; 481 ip->ip_src = (struct in_addr) { pcb->dp_client }; 482 ip->ip_dst = (struct in_addr) { pcb->dp_server }; 483 484 /* Compute UDP-IPv4 checksum. */ 485 udp->uh_sum = in_cksum(m, m->m_pkthdr.len); 486 if (udp->uh_sum == 0) 487 udp->uh_sum = 0xffff; 488 489 ip->ip_v = IPVERSION; 490 ip->ip_hl = sizeof(*ip) >> 2; 491 ip->ip_tos = 0; 492 ip->ip_len = htons(m->m_pkthdr.len); 493 ip->ip_id = 0; 494 ip->ip_off = htons(IP_DF); 495 ip->ip_ttl = 255; 496 ip->ip_sum = 0; 497 ip->ip_sum = in_cksum(m, sizeof(struct ip)); 498 499 return (debugnet_ether_output(m, ifp, pcb->dp_gw_mac, ETHERTYPE_IP)); 500 } 501